What are the differences between IPv4 and IPv6 protocols. Consider the protocol stack (no connection trace) and connection trace respectively. Protocol Stack: host: After IPv4 is restructured, it is submitted to the transport layer. This is the same as IPv6. Router: (IPv4) IPv4 forwards the multipart packet and does not reorganize it. If the size of a multipart package is greater than that of PMTU, The multipart package is still sharded and then forwarded. (IPv6) IPv6 only forwards fragmented packets and never reassembles the packets. If the part package is larger than PMTU, The ICMPv6 'too Big 'message is sent to the source end. Www.2cto.com connection trace: host: (IPv4) if the reorganization is successful, the complete data packet after the reorganization is submitted to the IPv4 protocol stack to find the route (the query result is host ), and then submit it to the transport layer. The IPv4 protocol stack does not need to be sharded. If the reorganization fails, the parts are retained in the connection trace until the reorganization times out and the received parts are cleared. After the timeout, you still need to send the ICMP time excite message to the source end. (IPv6) if the replica is successfully reorganized, the restructured replica packet is handed over to the connection trace for status tracking. The original parts will be forwarded to the IPv6 protocol stack. Find the route (the result is host), and then reorganize and submit it to the transport layer. This requires two restructures. If the reorganization fails, the process is the same as IPv4. Www.2cto.com route: (ipv4) if the original package is successfully reorganized, the complete data packet after the reorganization will be submitted to the IPv4 protocol stack, find the route (the query result is router), and then forward. If it is larger than PMTU, it will be sharded again. If the reorganization fails, the parts are retained in the connection trace until the reorganization times out and the received parts are cleared. After timeout, you do not need to send the ICMP time excite message to the source. (Ipv6) if the replica is successfully restructured (the complete replica package after the reorganization will be connected for tracking), the original shard package will be submitted to the IPv6 protocol stack, find the route (the result is a router) and then forward it. If it is greater than PMTU, The ICMPv6 'too Big 'message is sent to the source end.
If the reorganization fails, it is the same as IPv4. So I designed that nf_contrack_ipv6 forwards fragments to IPv6 stack even if nf_conntrack detects missing piece of fragments. remark: (20101110) since the introduction of commit 70789d70 (ipv6: discard overlapping fragment), this patch has been added to 2.6.37-rc1, IPv6, both protocol stack and Connection Tracing support rf000022, that is, re-partitioning of overlapping IPv6 fragments is prohibited. Once an overlapping IPv6 Shard is received, all the shards are discarded and the IPSTATS_MIB_REASMFAILS Count value is increased. However, IPv4 still allows the reorganization of overlapping parts. The reason for www.2cto.com is that IPv6 parts may contain other extension headers. The extension header is followed by the transport layer (tcp, udp) header. Forged overlapping parts will change the data in the original package. P.S. host indicates that the host linux is the destination. Router refers to an intermediate linux node that needs to forward packets.